As the Festive countdown is underway, this year looks set to be one in which the mobile phone plays a bigger role than ever before in our pre-Christmas shopping. Savvy punters are increasingly switching on to mobile websites or using their credit cards over mobile apps to buy goods. So what are the pros and cons of the shift towards a cashless society.
We have already begun to see this trend developing over the past month. On Cyber Monday, Paypal alone saw a 190 per cent increase in mobile transactions, and Visa has predicted that by 2020 half of all UK Visa payments will be mobile.
But whilst the mobile is bringing great flexibility and convenience for users who want to be able to shop on the move, if we are to begin the journey towards a cashless society, users must be aware of security risks and learn how to protect themselves on their mobiles. On the other hand, industry players need to embrace the opportunity that mobile can offer to reduce the risk of fraud and make payments even more secure.
When it comes to the holiday period, scammers and online phishers see one thing — more consumers sharing their information online to steal. As consumers have moved to using mobile devices to conduct transactions online, the number of breaches and hacks has increased.
Mobile devices are the new vulnerability, and while smartphones are considerably more secure than desktop browsers, there are certain attack vectors which can introduce risk. In fact there has been a dramatic increase in malware specifically targeting mobile devices, and McAfee’s research showed that mobile malware increased by a massive 700 per cent over 2011, adding significant risk when using a mobile browser and relying strictly on passwords for protection.
What makes the mobile such an appealing target for cyber criminals is that whilst users are sharing sensitive financial information and conducting transactions on their devices, there is a real lack of security awareness or protection in place. Last year, Canalys found that 96 per cent of smartphones and tablets lack necessary security software, and whilst awareness amongst users is increasing, mobile security is still a major issue.
Simple steps by users and better awareness can create two serious obstacles for cybercriminals wanting to steal consumer information. Precautions such as using downloadable mobile apps instead of mobile browsers, looking for the “lock” when you have no choice but to use a mobile browser, being wary of phishing scams, using strong passwords, changing them regularly and not reusing the same passwords for multiple sites can go some way to thwarting attacks. Educating users will be key to ensuring that this technology can be embraced, without having a detrimental effect on security.
Although the move towards a cashless society is hard to see in the near future, mobile payments will certainly become a dominant form of payment over credit card and debit cards over the coming years, but it may take a number of years before vendors, mobile carriers and banks settle their differences and come up with a unified, secure platform for mobile payments.
Nonetheless, the potential benefits of mobile payments are many, for both the retailer and the end user. There are many studies that show that people buy more when not connected to the cash element, so there is plenty of money to be made for providers.
Retailers and banks can also gain more of an insight into customer behaviour by tracking purchases, and can therefore target advertising and deals more effectively. They can also use mobile technology as an opportunity to reduce fraud, by providing more security features than common credit cards do today. Core features of the mobile, such as GPS location, voice and facial recognition enabled by the camera, and the ability to deliver strong encryption, can provide better identity authentication for users than devices like card readers, verification passwords and PINs.
Users can also see a variety of benefits from mobile payments, with convenience being the biggest advantage, and not having to deal with multiple cards, accounts, pins and passwords. This in itself can lead to improved security and lower the chance of duplicate passwords that are easily hacked. On top of that, people know where their mobile phone is at all times, and always have it on their person, making it a prime choice for a wallet replacement.
Security is an arms race, and as we move more valuable information and transactions into the mobile channel, it’s inevitable that attackers will follow. So while it is true that many of the security features that mobile devices offer clearly beat current security measures with credit cards, there are a number of steps users should take to ensure they are doing the best they can to protect themselves, such as:
- Do not use a rooted or Jail broken phone.
- Make use of native smartphone applications from trusted stores instead mobile browsers whenever possible
- Use the most up-to-date software (that includes the OS, and the apps)
- Consider using security software, for mobile apps
- PIN protect devices. While most mobile wallet apps require a PIN for themselves, by not having a PIN to simply access a device, rogue users can install/modify other apps leaving you potentially vulnerable to man-in-the-middle attacks
Mobile payments are undoubtedly increasing in popularity, and they provide users with the flexibility and convenience to shop the way that they want, which can only be a good thing. However, with these innovations come great challenges, and if users want to be able to take advantage of these new technologies, they will have to maintain a certain degree of security awareness to avoid becoming the victim of this new generation of identity fraud.
Mike Byrnes is director of product management at Entrust